Lucene search

[email protected]CVE-2019-13602

HistoryJul 14, 2019 - 9:15 p.m.

CVE-2019-13602

2019-07-1421:15:11

CWE-787

CWE-191

[email protected]

web.nvd.nist.gov

244

cve-2019-13602

mp4

demux

buffer overflow

vlc media player

denial of service

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

79.9%

JSON

An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file.

Affected configurations

NVD

Node

videolanvlc_media_playerRange≤3.0.7.1

Node

debiandebian_linuxMatch9.0

debiandebian_linuxMatch10.0

Node

canonicalubuntu_linuxMatch18.04lts

canonicalubuntu_linuxMatch19.04

Node

opensusebackports_sleMatch15.0-

opensusebackports_sleMatch15.0sp1

opensuseleapMatch15.0

opensuseleapMatch15.1

CPENameOperatorVersion
videolan:vlc_media_playervideolan vlc media playerle3.0.7.1

CPE	Name	Operator	Version
videolan:vlc_media_player	videolan vlc media player	le	3.0.7.1

References

lists.opensuse.org/opensuse-security-announce/2019-08/msg00005.html

lists.opensuse.org/opensuse-security-announce/2019-08/msg00037.html

lists.opensuse.org/opensuse-security-announce/2019-08/msg00040.html

lists.opensuse.org/opensuse-security-announce/2019-08/msg00081.html

lists.opensuse.org/opensuse-security-announce/2020-04/msg00036.html

lists.opensuse.org/opensuse-security-announce/2020-04/msg00046.html

www.securityfocus.com/bid/109158

git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=8e8e0d72447f8378244f5b4a3dcde036dbeb1491

git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=b2b157076d9e94df34502dd8df0787deb940e938

seclists.org/bugtraq/2019/Aug/36

security.gentoo.org/glsa/201909-02

usn.ubuntu.com/4074-1/

www.debian.org/security/2019/dsa-4504

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

79.9%

JSON

Related for CVE-2019-13602

ubuntucve1 veracode1 prion1 cvelist1 alpinelinux1 openvas10 osv2 debiancve1 nvd1 ubuntu1 nessus8 suse6 threatpost1 kaspersky1 mageia1 gentoo1 debian1 freebsd1